Mobile malware targets Android users

Your mobile phone is a journal containing the deepest secrets of your digital life. Who is reading yours?

Your mobile device follows you everywhere. It can tell you where you need to go, when and how. It knows who you contact frequently, maybe even who you love the most. Your personal photos are always at hand, your favourite music too. When you flick through your phone you have access to the most intimate parts of your life in both the real and digital world.

So when you get up from lunch to see that your phone is no longer at its usual place on the table, alarm bells ring. ‘Did I lock my phone? Who has access to my accounts?’

The answer? Everyone.

However, this can be just as true when your phone is still in your hand. All it takes is one wrong step and your internet banking data is being sold on the dark web.

This is the world we now live in. Unlike a hardcover journal, our phones can be reprogrammed to act just like infected PCs, sharing everything they contain with whoever asks for it.

Banking trojans are nothing new, yet the latest incarnations targeting Android devices are engineered to steal money from your bank account by gaining administrator privileges remotely. They are often bundled with third-party apps downloaded outside of the Google Play Store.

Dubbed BankBot, these latest variants of Android malware are able to send and intercept SMS messages, make calls from your phone, track other victims’ devices (including those of your loved ones), access contacts (including those of your loved ones) and, just to seal the deal, steal your sensitive information such as banking information and credit card details.

The sophistication of modern malware is what makes it so troubling. BankBot malware sneakily hides on your phone until you open any mobile banking or social media app. Once you have done so, BankBot launches phishing login overlays – a fake login page that appears legitimate – tricking you into re-authenticating or re-entering your payment card details. Your details are then sent back to online servers where your private data can be used by anyone with access.
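As an added example (not part of the original article and not Emsisoft's code), the sketch below shows how a defender could triage a sideloaded APK's manifest for the capabilities listed above before installing it. It assumes the manifest has already been decoded to plain XML; the mapping from capability to Android permission and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the capabilities the article lists to the Android
# permissions an app would have to request to perform them.
CAPABILITIES = {
    "send SMS": {"android.permission.SEND_SMS"},
    "intercept SMS": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "make calls": {"android.permission.CALL_PHONE"},
    "access contacts": {"android.permission.READ_CONTACTS"},
    "draw overlays": {"android.permission.SYSTEM_ALERT_WINDOW"},
}

def triage(manifest_xml):
    """Return the sorted list of risky capabilities a decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    found = {cap for cap, perms in CAPABILITIES.items() if perms & requested}
    # A device-admin receiver is declared on a <receiver>, not via uses-permission.
    for r in root.iter("receiver"):
        if r.get(ANDROID + "permission") == "android.permission.BIND_DEVICE_ADMIN":
            found.add("device administrator")
    return sorted(found)

def is_suspicious(manifest_xml):
    """Flag SMS interception combined with device-admin or overlay capability."""
    caps = set(triage(manifest_xml))
    return "intercept SMS" in caps and bool(caps & {"device administrator", "draw overlays"})

# Constructed sample manifest (not taken from a real app).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".Admin"
        android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage(SAMPLE), is_suspicious(SAMPLE))
```

A flashlight or "security" app that asks for SMS access and device administrator rights is requesting far more than its stated purpose needs, which is the mismatch this check surfaces.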

It’s not only about your banking apps

BankBot phishes credentials for social media apps too, including Facebook, WhatsApp, Instagram and Twitter. With complete access they are able to spread the malware further through messages from your account.

Imagine your dear Aunt Betty finally signed up for Facebook and installed it on her smartphone at your insistence AND with your help. Of course, when she sees she has a message from you she opens it eagerly, not realising that what your message contains will eat away at her life savings until there is nothing left.

Worst of all, once the hackers have made transactions on Aunt Betty’s behalf, the text message notifications she should have received from the bank have been intercepted and deleted before she could ever see them, so she has no idea it’s happening.

You’re having a pretty bad day, right? You’ve managed to give hackers access to all of your private information and provide access to all of your friends and loved ones. ALL of this while your phone is still in your hand.

But you’re in a hurry. You’ve taken too long at lunch and are running late for a meeting. Of course, you’ll want to try to clear your phone as quickly as possible. You’ve seen an ad recently for a mobile security app but can’t find it in the Google Play Store, so you download the APK directly from the website in your browser. You quickly dismiss the popup talking about unknown sources and terms and conditions, and within seconds you are looking at this:

Now not only are you late, but TWO hacker groups have access to your data AND you’re locked out of your phone until you agree to pay a ransom.

Now what do you do?

Your phone is locked, so you’ll need to boot it into safe mode. If you are unsure of how to do this, check the help forums of the company that made your particular phone. When in safe mode, only system apps are started on the device as it boots, so you can go through and uninstall the apps through the ‘uninstall’ function in your settings.

It is possible that the ransomware is coming directly from the web browser you downloaded it from. In that case, simply shut down the web browser.

So by now, you’re likely asking how this could have all been prevented in the first place.

Be the sole keeper of your story: protect your digital life

Just a side note… A small thing you can do to optimize your overall security on an Android phone is to encrypt the data on your phone, and to app-lock software with sensitive personal data with a PIN code. And maybe you could ask yourself if you really need to have all your sensitive personal data collected on one device. By the way, Emsisoft Mobile Security comes with a “tips of the week” in their “This week’s Report”. Maybe Emsisoft’s next tip of the week could be: “do you know how to boot your phone into safe mode?” …just a suggestion… =) Just curious: what do you do to secure your phone? And what thoughts have you had regarding your phone being stolen?

Hi Tempus. Thanks for your comment and great suggestions. In terms of security, our Emsisoft Mobile Security comes with app lock as well as anti-theft. So should your device be stolen, you have the option to log into https://central.emsisoft.com/ to remotely track, lock and wipe the device as long as it’s turned on.